Uploadify is destroying session before upload

Question

We all know that Uploadify has a session problem. As I browse through the posts, I found the solution for the problem which is I need to pass session through ajax.

But the problem is, whenever I go to a page which contain uploadify things, It destroys the Session usually after refresh. I didn't even upload anything. '.

For example, I got to a page which contain uploadify scripts. And without doing anything, I went to other page and it automatically redirect to login page* which means session is destroyed.

Does the Uploadify does the ajax call before I upload the files or even before pressing the upload button?

Is there any ways to solve this?

This is my Ajax code:

$(function() {
$('#file_upload1').uploadify({
       'formData'     : {
         'PHPSESSID': '<?=session_id()?>',
         'timestamp' : '<?php echo $timestamp;?>',
         'token'     : '<?php echo md5('unique_salt' . $timestamp);?>'
        },
        'swf'      : 'uploadify.swf',
        'uploader' : 'uploadify1.php?id=<? echo $id; ?>&state=<? echo strtolower($state); ?>'

         });
});

This is my top PHP code :

session_id($_POST['PHPSESSID']);

include "func.php";
sec_session_start();

sec_session_start(); is a function. So , sec_session_start(); codes :

function sec_session_start() {
        $session_name = 'sec_session_id'; // Set a custom session name
        $secure = false; // Set to true if using https.
        $httponly = true; // This stops javascript being able to access the session id. 

        ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
        session_set_cookie_params(86400);
        $cookieParams = session_get_cookie_params(); // Gets current cookies params.
        session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
        session_name($session_name); // Sets the session name to the one set above.
        session_start(); // Start the php session
        session_regenerate_id(true); // regenerated the session, delete the old one.     
}

Answer 1

Have you tried replacing the PHPSESSID with sec_session_id ?

$(function() {
$('#file_upload1').uploadify({
       'formData'     : {
         '<?=session_name()?>': '<?=session_id()?>',
         'timestamp' : '<?php echo $timestamp;?>',
         'token'     : '<?php echo md5('unique_salt' . $timestamp);?>'
        },
        'swf'      : 'uploadify.swf',
        'uploader' : 'uploadify1.php?id=<? echo $id; ?>&state=<? echo strtolower($state); ?>'

         });
});

On top of your PHP: session_id($_POST['sec_session_id']);

Also, session_name($session_name) should be executed before session_set_cookie_params.

function sec_session_start() {
        $session_name = 'sec_session_id'; // Set a custom session name
        session_name($session_name); // Sets the session name to the one set above.
        $secure = false; // Set to true if using https.
        $httponly = true; // This stops javascript being able to access the session id. 

        ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
        session_set_cookie_params(86400);
        $cookieParams = session_get_cookie_params(); // Gets current cookies params.
        session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
        session_start(); // Start the php session
        session_regenerate_id(true); // regenerated the session, delete the old one.     
}